Let’s start from the fact that here we are referring to a series of programs that many of them are among the most used globally. To give you an idea, we are referring to software solutions of the popularity and widespread use of Word or Excel. Thus, cybercriminals try to find certain vulnerabilities in these applications to access our equipment and its data.
We have seen a clear example of all this in recent years with the macros that are widely used in these office programs. These are functions that allow us to automate certain tasks in applications such as PowerPoint, Excel or Word, among many others. However, they have been a major focus of vulnerabilities over time. That is precisely why at the beginning of this year the software giant, Microsoft, made the decision to disable the macros in office by default.
Obviously, with this movement, what they were trying to solve is the massive arrival of malicious code on their clients’ computers. By deactivating the use of these macros, the arrival of viruses through them was exponentially limited. However, as is usual in these cases, the attackers find other equal ways or more dangerous, as is the case.
Office is vulnerable again with this method
It must be taken into account that last January there was a wave of infections from Office programs that affected many users. Hence the aforementioned decision that was forced to take Microsoft. In addition to this initial move, some time later the firm decided to take new measures now to make it more difficult for malware to spread in Microsoft 365.
But now a new vulnerability is being detected that is beginning to be exploited in the software giant’s suite. This is known from a report by the Cisco Talos Threat Source security section. The main objective of the attackers is now once again accessing all the data on our computer through Excel. Specifically, this is being carried out through a series of bookstores, specifically the xll files. Here we are referring to a specific form of the well-known DLLs used in the Office spreadsheet program.
The attack is very similar to what was carried out through the aforementioned macros. These Excel libraries are now used to add new malicious functions to our spreadsheets and thus access the rest of the team. We are telling you all this because for some time now multiple attacks have been detected through new families of malware that use XLL as a vector of infection.
The worst of all this is that infections through this source are constantly growing, so Microsoft will have to take action on the matter sooner or later.